Re: i getting this warning [message #176024 is a reply to message #176021]
Thu, 17 November 2011 14:01
Jerry Stuckle
Messages: 2598 Registered: September 2010
Senior Member
On 11/17/2011 8:31 AM, Arno Welzel wrote:
> Denis McMahon, 2011-11-16 16:11:
>
>> On Wed, 16 Nov 2011 06:56:21 -0500, Jerry Stuckle wrote:
>>
>>> On 11/16/2011 6:17 AM, sri kanth wrote:
>>
>>>> $qs=$_REQUEST['id'];
>>>> $data=mysql_query("select * from tbl_porduct where pid=$qs");
>>
>>> Three things.
>>
>> You missed "using unescaped user input in a query with no validation or
>> verification". I know it's only a select, but would you bet that he's
>> that sloppy with selects and yet rigorous with data changing statements?
>
> It does not matter what statement there *is*. Using data from outside in
> this way makes *everything* possible - this is the typical mistake which
> makes SQL injection possible!
>
>
> Example:
>
> Let's assume $qs is "1;drop tbl_product".
>
> $data = mysql_query("select * from tbl_product where pid=$qs");
>
> The statement will be expanded to:
>
> "select * from tbl_product where pid=1;drop tbl_product"
>
> The result will be that the table tbl_product will be dropped, if the
> MySQL user has the right to drop tables.
>
>
<snip>
The statement will fail because mysql_query() will not execute multiple
statements in a single query.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
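For reference, the posted query beside a hardened rewrite. This is an added example, not code from anyone in the thread; it assumes a mysqli connection (with mysqlnd, for get_result()) and a tbl_product table whose pid column is an integer.

```php
<?php
// Added example, not from the thread. Assumes a mysqli connection in $db
// and a table tbl_product with an integer column pid.

// The form posted in the thread: the raw request value is interpolated
// into the SQL text, so the value itself can shape the statement.
function findProductUnsafe(mysqli $db, string $rawId): ?array
{
    $result = $db->query("select * from tbl_product where pid=$rawId");
    return $result ? $result->fetch_assoc() : null;
}

// Hardened form: validate the value as an integer first, then send it
// as a bound parameter so it is never parsed as part of the SQL.
function findProduct(mysqli $db, string $rawId): ?array
{
    // pid is numeric: reject anything that is not a plain integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare("select * from tbl_product where pid = ?");
    $stmt->bind_param("i", $id);   // 'i' marks an integer parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Usage: the "1;drop tbl_product" value from the thread is rejected by
// filter_var() before any SQL is built; a genuine integer is bound, not
// interpolated. Connection details below are placeholders.
$db = new mysqli("localhost", "user", "password", "shop");
var_dump(findProduct($db, $_REQUEST['id'] ?? ''));
```

Whether or not the driver executes stacked statements, the validation plus bound parameter removes the dependence on that behaviour.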